Today’s Software as a Service (SaaS) applications, such as Microsoft 365, do offer some native data retention and recovery capabilities. However, they do not eliminate the need for an independent backup of SaaS data. In fact, Microsoft recommends third-party backup in its services agreement.

This is referred to as a Shared Responsibility Model for data protection. In other words, Microsoft ensures the availability of applications, infrastructure, and the network connections required to use them. Protecting the data created using those applications is up to you.

This article will explain why backing up data from SaaS applications like Microsoft 365 is a vital component of every enterprise disaster recovery plan.

For explicit details on where Microsoft’s recovery fails across Microsoft 365 apps, download our Definitive Guide to Office 365 Data Loss Recovery.

Why Microsoft 365 Needs Backup

There are several reasons why your enterprise shouldn’t only rely on Microsoft 365’s or other SaaS applications’ data recovery tools.

  • Malware. Ransomware and other forms of malware are a major threat to your data. If malware has corrupted an end-user’s local data, many SaaS applications that automatically backup data through a sync feature could inadvertently infect the backup data. If that’s the only form of backup, the data could be lost. Phishing attacks can compromise your enterprise’s Microsoft 365 administrator accounts, further threatening the safety of your data. In addition, your options for restoring data lost in ransomware or other malware attacks via an application’s native tools can be limited, as well as complex and time-intensive.
  • Deletion by users. Accidental or malicious deletion of data by your enterprise’s employees is a very common threat that could result in major headaches. If you’re only relying on a SaaS application’s native backup, your ability to recover data that’s missing is at the mercy of whether or not that data is discovered to be missing before the application’s retention policy runs out.
  • Legal issues. If your enterprise is in an industry with strict regulations regarding retention policies and access to backups, SaaS applications like Microsoft 365 may not meet those requirements.
  • Business continuity. What happens when a SaaS application your enterprise relies on temporarily goes down? You won’t be able to access your SaaS application data if the only backup is within the affected application.

In short, Microsoft won’t always protect you. There are a number of ways your data could be deleted forever: that’s why you need a backup.

Backing up Data is a Shared Responsibility

As noted above, solely relying on a SaaS application’s native backup is a recipe for disaster. A successful enterprise SaaS backup and recovery plan should favor the 3-2-1 rule for data storage:

  1. Keep at least three copies of the data
  2. Store it on at least two different forms of media
  3. Keep one of those backups in an independent location offsite

Want to learn more? See how Backupify works to discover how your organization can run more efficiently.